| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- # Some instance variables
- locals {
- ami_selection = "minion" # master, minion, ...
- }
- # Rather than pass in the aws security group, we just look it up. This will
- # probably be useful other places, as well.
- data "aws_security_group" "typical-host" {
- name = "typical-host"
- vpc_id = var.vpc_id
- }
- # Use the default EBS key
- data "aws_kms_key" "ebs-key" {
- key_id = "alias/ebs_root_encrypt_decrypt"
- }
- resource "aws_security_group" "mailrelay_security_group" {
- name = "mailrelay_security_group"
- description = "Security Group for the Mail Relay Server(s)"
- vpc_id = var.vpc_id
- tags = merge(var.standard_tags, var.tags)
- }
- resource "aws_security_group_rule" "smtp-in" {
- description = "inbound smtp requests"
- type = "ingress"
- from_port = 25
- to_port = 25
- protocol = "tcp"
- cidr_blocks = [ "10.0.0.0/8" ]
- security_group_id = aws_security_group.mailrelay_security_group.id
- }
- resource "aws_security_group_rule" "submission-in" {
- description = "inbound smtp requests"
- type = "ingress"
- from_port = 587
- to_port = 587
- protocol = "tcp"
- cidr_blocks = [ "10.0.0.0/8" ]
- security_group_id = aws_security_group.mailrelay_security_group.id
- }
- #resource "aws_security_group_rule" "smtp-out" {
- # description = "outbound smtp requests"
- # type = "egress"
- # from_port = 25
- # to_port = 25
- # protocol = "tcp"
- # cidr_blocks = [ "10.0.0.0/8" ]
- # security_group_id = aws_security_group.mailrelay_security_group.id
- #}
- resource "aws_security_group_rule" "submission-out" {
- description = "outbound submission (smtp-s) requests"
- type = "egress"
- from_port = 587
- to_port = 587
- protocol = "tcp"
- cidr_blocks = [ "0.0.0.0/0" ]
- security_group_id = aws_security_group.mailrelay_security_group.id
- }
|
